DOE F 1325.8
(08-93)
United States Government                                                Department of Energy

memorandum

          DATE:   May 22, 2009
   REPLY TO
    ATTN OF:      IG-40

    SUBJECT:      Letter Report on “Security Weaknesses in the Handling of Unclassified Printers and Copiers
                  at the Oak Ridge National Laboratory,” (INS-L-09-06, S08IS001)

    TO:           Manager, Oak Ridge Office

This is to advise you of the results of an Office of Inspector General inspection concerning an allegation that the Department of Energy’s Oak Ridge National Laboratory (ORNL) was excessing printers used to process sensitive, unclassified information without purging or destroying their information storage devices. As we conducted our inspection, we coordinated closely with site officials, and numerous corrective actions were taken or initiated to address our findings. This report serves to document the final results of the review.

BACKGROUND

ORNL’s primary mission is to provide technology and expertise to Government agencies in support of national security. Much of the information produced or received by ORNL is sensitive and requires special handling to protect against unauthorized disclosure. The Department’s Oak Ridge Office oversees the management of ORNL by UT-Battelle, LLC.

In carrying out its mission, ORNL uses various information technology systems to process or reproduce information, including some printers and copiers containing hard drives capable of storing information. This information may include sensitive, unclassified information, such as official use only, export controlled, and personally identifiable information (e.g., name, social security number and medical history) and requires specific protection as mandated by law, regulation, or policy. Department policy requires that information storage devices in printers and copiers used to process such information must be cleared, purged, or destroyed by approved overwriting software, degaussing, or physical destruction before being excessed, returned to vendors, or internally transferred, so such information is not released to unauthorized personnel.

The Office of Inspector General received an allegation that ORNL was excessing printers used to process sensitive, unclassified information without purging or destroying their information storage devices. Previous work by our office at other Department sites has identified problems with memory devices not being cleared, purged, or destroyed prior to excessing. We initiated an inspection to evaluate ORNL’s procedures for excessing printers with hard drive storage capability. Based on the results of our preliminary work, we broadened the scope of our inspection to include copiers.

RESULTS OF INSPECTION

We concluded that ORNL did not have adequate procedures for excessing printers and returning or transferring copiers to prevent the unauthorized dissemination of sensitive, unclassified information. We found that during our sample period of April 2006 through April 2008 up to 30 printers were excessed from ORNL without their hard drives being cleared, purged, or destroyed. We interviewed two of the associated property custodians, and they confirmed that their printers were used to process sensitive information.

We also found that during a sample period of 2006 until December 2007, ORNL returned 9 copiers to its suppliers and internally transferred 16 copiers for reuse without ensuring that the copiers’ hard drives were cleared, purged, or destroyed. ORNL discontinued those practices when we first raised this matter in December 2007. ORNL subsequently confirmed that seven of the nine returned copiers definitely processed sensitive information. We were told by ORNL’s two copier suppliers that they were unaware of the whereabouts of the returned copiers’ hard drives. The supplier responsible for six of the seven copiers informed us that it uses facilities located in Mexico to refurbish returned copier components.

The requirement to clear, purge, or destroy information storage devices used to process sensitive information has been Department policy for several years. We noted, however, that ORNL’s implementation procedures did not specifically identify that printers and copiers may have information storage devices, which may have contributed to ORNL’s failure to examine such equipment for the presence of a hard drive prior to excessing or internal transfer. Several individuals we interviewed told us that they were unaware that printers and copiers may have such devices and were, as a result, subject to special handling prior to excessing or internal transfer.

Also, although outside the scope of our inspection, while reviewing the hard drives of several printers awaiting excessing, the Office of Inspector General’s Technology Crimes Section discovered that one printer was used to print material from multiple pornographic websites. In addition to clear prohibitions against such use, accessing inappropriate websites has a high probability of introducing malicious code designed to infiltrate and damage, modify, or monitor a computer system without the owner’s knowledge or consent. The property custodians for the examined printers told us it could not be determined who used the printer to print the pornography.

In response to our review, ORNL officials: initiated a management assessment; disabled the document servers for over 160 copiers with hard drives in use at ORNL to prevent the release of sensitive information stored on the hard drives; modified copier lease agreements to include a requirement to either remove copier hard drives or to properly clear, purge, or destroy the hard drives before excessing; and updated local procedures to incorporate the examination of excess printers and copiers to identify hard drives for proper disposition. ORNL discontinued returning copiers to its suppliers after we made initial inquiries in December 2007 and later identified 218 hard drives to be removed from leased copiers. ORNL is taking actions to have the hard drives purged or destroyed in the near future.

Since corrective actions have been taken, we are not making any formal recommendations in this report and a formal response is not required. This inspection was conducted in accordance with the “Quality Standards for Inspections” issued by the President’s Council on Integrity and Efficiency. We appreciate the responsiveness of your office and the cooperation we received throughout this inspection. If you have any questions concerning this review, please contact Ms. Marilyn Richardson or me at (202) 586-4109.

                                        Elise M. Ennis
                                        Assistant Inspector General
                                         for Inspections

cc: Director, Office of Science
    Chief Health, Safety and Security Officer
    Director, Office of Internal Review (CF-1.2)
    Audit Liaison, Oak Ridge Office